#ifndef __NTOSKRNL_INCLUDE_INTERNAL_SE_H
#define __NTOSKRNL_INCLUDE_INTERNAL_SE_H

/*
 * Kernel-internal declarations for the security (Se / Sep) component:
 * well-known SIDs, privilege LUIDs, default DACLs and security descriptors,
 * token helpers, capture/release helpers and the token lock macros.
 *
 * NOTE(review): the guard name starts with a double underscore, which C
 * reserves for the implementation. It is left unchanged here because other
 * files may test for it.
 */

/*
 * Object type used for token objects. Only declared here; the definition is
 * not part of this header.
 */
extern POBJECT_TYPE SepTokenObjectType;
5
/*
 * SID Authorities
 *
 * Identifier-authority values that the SIDs declared in this header are
 * built from. Only declared here; the values are defined elsewhere.
 * NOTE(review): the names match the well-known NT authorities (Null, World,
 * Local, Creator, NT) - confirm the definitions carry the standard values.
 *
 * These are declared as writable globals (no const), so nothing at the
 * language level stops kernel code from modifying them after start-up.
 * Treat them as read-only once initialisation has finished.
 */
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;
12
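/*
 * SIDs
 *
 * Pointers to the well-known SIDs used by the security component. Only the
 * pointers are declared here; the SIDs themselves are built elsewhere
 * (NOTE(review): presumably by SepInitSecurityIDs() - confirm).
 *
 * The pointers are plain writable globals. Any access decision that compares
 * a caller's SID against one of them depends on the pointer and the SID it
 * refers to staying unchanged after initialisation, and on the pointer not
 * being used before initialisation has succeeded.
 */
extern PSID SeNullSid;
extern PSID SeWorldSid;
extern PSID SeLocalSid;
extern PSID SeCreatorOwnerSid;
extern PSID SeCreatorGroupSid;
extern PSID SeCreatorOwnerServerSid;
extern PSID SeCreatorGroupServerSid;
extern PSID SeNtAuthoritySid;
extern PSID SeDialupSid;
extern PSID SeNetworkSid;
extern PSID SeBatchSid;
extern PSID SeInteractiveSid;
extern PSID SeServiceSid;
extern PSID SeAnonymousLogonSid;
extern PSID SePrincipalSelfSid;
extern PSID SeLocalSystemSid;
/*
 * NOTE(review): both SeAuthenticatedUserSid and SeAuthenticatedUsersSid are
 * declared (see below), as are SeRestrictedCodeSid and SeRestrictedSid.
 * Check which spelling of each pair actually has a definition: an extern
 * without one only fails at link time, and only if something references it.
 */
extern PSID SeAuthenticatedUserSid;
extern PSID SeRestrictedCodeSid;
extern PSID SeAliasAdminsSid;
extern PSID SeAliasUsersSid;
extern PSID SeAliasGuestsSid;
extern PSID SeAliasPowerUsersSid;
extern PSID SeAliasAccountOpsSid;
extern PSID SeAliasSystemOpsSid;
extern PSID SeAliasPrintOpsSid;
extern PSID SeAliasBackupOpsSid;
extern PSID SeAuthenticatedUsersSid;
extern PSID SeRestrictedSid;
/* SeAnonymousLogonSid was declared a second time here; the copy is dropped. */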
43
/*
 * Privileges
 *
 * One LUID per privilege. Only declared here; the values are assigned
 * elsewhere (NOTE(review): presumably by SepInitPrivileges() - confirm).
 *
 * In the NT security model several of these gate operations that amount to
 * full control of the machine (creating tokens, acting as part of the TCB,
 * debugging arbitrary processes, loading drivers, taking ownership,
 * backup/restore). Code paths that test for them, and code that grants or
 * enables them in a token, deserve extra attention in review.
 *
 * The LUIDs are writable globals (no const); treat them as read-only after
 * initialisation.
 */
extern LUID SeCreateTokenPrivilege;
extern LUID SeAssignPrimaryTokenPrivilege;
extern LUID SeLockMemoryPrivilege;
extern LUID SeIncreaseQuotaPrivilege;
extern LUID SeUnsolicitedInputPrivilege;
extern LUID SeTcbPrivilege;
extern LUID SeSecurityPrivilege;
extern LUID SeTakeOwnershipPrivilege;
extern LUID SeLoadDriverPrivilege;
extern LUID SeCreatePagefilePrivilege;
extern LUID SeIncreaseBasePriorityPrivilege;
extern LUID SeSystemProfilePrivilege;
extern LUID SeSystemtimePrivilege;
extern LUID SeProfileSingleProcessPrivilege;
extern LUID SeCreatePermanentPrivilege;
extern LUID SeBackupPrivilege;
extern LUID SeRestorePrivilege;
extern LUID SeShutdownPrivilege;
extern LUID SeDebugPrivilege;
extern LUID SeAuditPrivilege;
extern LUID SeSystemEnvironmentPrivilege;
extern LUID SeChangeNotifyPrivilege;
extern LUID SeRemoteShutdownPrivilege;
extern LUID SeUndockPrivilege;
extern LUID SeSyncAgentPrivilege;
extern LUID SeEnableDelegationPrivilege;
71
/*
 * DACLs
 *
 * Pointers to default discretionary ACLs. Their entries are built elsewhere
 * (NOTE(review): presumably by SepInitDACLs() - confirm).
 *
 * NOTE(review): the "Open" and "Unrestricted" names suggest permissive
 * access. Confirm which objects receive each of these defaults: an
 * over-broad default DACL widens access to every object that is created
 * without an explicit descriptor.
 */
extern PACL SePublicDefaultUnrestrictedDacl;
extern PACL SePublicOpenDacl;
extern PACL SePublicOpenUnrestrictedDacl;
extern PACL SeUnrestrictedDacl;
77
/*
 * SDs
 *
 * Pointers to default security descriptors. Their contents are built
 * elsewhere (NOTE(review): presumably by SepInitSDs(), from the DACLs
 * declared in this header - confirm).
 *
 * The pointers are writable globals. Code that applies one of them to a new
 * object relies on it being initialised and unmodified at that point.
 */
extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SePublicOpenSd;
extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
85
86
/* Functions */

/*
 * Initialisation entry points of the security component. Each takes no
 * arguments and returns a BOOLEAN.
 * NOTE(review): presumably TRUE means success; the required call order and
 * boot phase are not visible in this header. Callers should check the
 * result rather than continue with partially initialised security globals.
 */
BOOLEAN SeInit1(VOID);
BOOLEAN SeInit2(VOID);
BOOLEAN SeInitSRM(VOID);

/*
 * Initialisers for the individual groups of globals declared above
 * (LUID state, privilege LUIDs, SIDs, DACLs, SDs).
 * NOTE(review): the mapping of each function to a group is inferred from
 * the names - confirm. SepInitLuid() and SepInitPrivileges() return VOID,
 * so they cannot report a failure to their caller.
 */
VOID SepInitLuid(VOID);
VOID SepInitPrivileges(VOID);
BOOLEAN SepInitSecurityIDs(VOID);
BOOLEAN SepInitDACLs(VOID);
BOOLEAN SepInitSDs(VOID);
98
/*
 * Removes the primary token association of Process.
 * NOTE(review): inferred from the name; whether the token reference is
 * dropped here is not visible in this header.
 */
VOID SeDeassignPrimaryToken(struct _EPROCESS *Process);

/*
 * Builds a DACL for an impersonation token from Token and PrimaryToken and
 * returns it through Dacl. Returns an NTSTATUS.
 * NOTE(review): who frees *Dacl, and from which pool it is allocated, cannot
 * be told from the prototype - confirm against the implementation.
 */
NTSTATUS STDCALL
SepCreateImpersonationTokenDacl(PTOKEN Token,
                                PTOKEN PrimaryToken,
                                PACL *Dacl);

/* Sets up the token implementation; takes no arguments, returns nothing. */
VOID SepInitializeTokenImplementation(VOID);

/*
 * Returns a token for the system process.
 * NOTE(review): the result on failure (presumably NULL) is not visible
 * here; callers should check it before use.
 */
PTOKEN STDCALL SepCreateSystemProcessToken(VOID);

/*
 * Exchanges the primary token of Process for NewToken and returns the
 * previous token through OldTokenP. Returns an NTSTATUS.
 * NOTE(review): replacing a process's primary token changes the identity
 * all of its later access checks run under. The privilege check that
 * authorises the swap, and the reference counting of both tokens, are not
 * visible here - confirm where they happen.
 */
NTSTATUS SeExchangePrimaryToken(struct _EPROCESS* Process,
                                PACCESS_TOKEN NewToken,
                                PACCESS_TOKEN* OldTokenP);
113
/*
 * Captures an array of LUID_AND_ATTRIBUTES entries.
 *
 * Src             - source array.
 * PrivilegeCount  - number of entries (NOTE(review): presumably the count
 *                   of elements in Src - confirm).
 * PreviousMode    - processor mode of the requester.
 * AllocatedMem /
 * AllocatedLength - NOTE(review): presumably an optional caller-supplied
 *                   buffer and its size - confirm.
 * PoolType        - pool type for any allocation made.
 * d               - purpose not visible here; the name is a placeholder.
 * Dest, Length    - receive the captured array and a length.
 *
 * Returns an NTSTATUS.
 *
 * NOTE(review): when PreviousMode is user mode, Src and PrivilegeCount are
 * caller-controlled. The implementation should bound PrivilegeCount before
 * multiplying it by the element size, and should copy the array into kernel
 * memory once so that validation and later use see the same data. Neither
 * can be verified from this header.
 */
NTSTATUS
SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
                                ULONG PrivilegeCount,
                                KPROCESSOR_MODE PreviousMode,
                                PLUID_AND_ATTRIBUTES AllocatedMem,
                                ULONG AllocatedLength,
                                POOL_TYPE PoolType,
                                ULONG d,
                                PLUID_AND_ATTRIBUTES* Dest,
                                PULONG Length);

/*
 * Releases an array obtained from SeCaptureLuidAndAttributesArray().
 * PreviousMode should be the same mode that was used for the capture.
 * The purpose of the last parameter is not visible here; its name is a
 * placeholder.
 */
VOID
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
                                KPROCESSOR_MODE PreviousMode,
                                ULONG a);
129
/*
 * Checks the PrivilegeCount entries in Privileges against Token and returns
 * a BOOLEAN result.
 *
 * NOTE(review): presumably TRUE means the check passed, and
 * PrivilegeControl selects between "all required" and "any sufficient" -
 * confirm against the implementation. Privileges is expected to be a
 * kernel-side (already captured) array; the prototype does not say so.
 */
BOOLEAN
SepPrivilegeCheck(PTOKEN Token,
                  PLUID_AND_ATTRIBUTES Privileges,
                  ULONG PrivilegeCount,
                  ULONG PrivilegeControl,
                  KPROCESSOR_MODE PreviousMode);
136
/*
 * Duplicates Token and returns the copy through NewAccessToken.
 * Returns an NTSTATUS.
 *
 * ObjectAttributes - attributes for the new token object.
 * EffectiveOnly    - NOTE(review): presumably restricts the copy to the
 *                    currently enabled groups/privileges - confirm.
 * TokenType, Level - type and impersonation level of the new token.
 * PreviousMode     - processor mode of the requester.
 *
 * NOTE(review): the duplicate should never carry more rights than the
 * source, and Level should not be raised above what the source token
 * allows. Where that is enforced is not visible in this header.
 */
NTSTATUS
STDCALL
SepDuplicateToken(PTOKEN Token,
                  POBJECT_ATTRIBUTES ObjectAttributes,
                  BOOLEAN EffectiveOnly,
                  TOKEN_TYPE TokenType,
                  SECURITY_IMPERSONATION_LEVEL Level,
                  KPROCESSOR_MODE PreviousMode,
                  PTOKEN* NewAccessToken);
146
/*
 * Captures the security quality-of-service data referenced by
 * ObjectAttributes (which may be absent) and returns it through
 * CapturedSecurityQualityOfService. Present receives whether such data
 * existed. Returns an NTSTATUS.
 *
 * NOTE(review): presumably, for a user-mode AccessMode the data is probed
 * and copied into PoolType memory so that later use cannot be affected by
 * the caller changing its buffer, and CaptureIfKernel forces the same copy
 * for kernel-mode callers - confirm against the implementation.
 */
NTSTATUS
SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
                                   IN KPROCESSOR_MODE AccessMode,
                                   IN POOL_TYPE PoolType,
                                   IN BOOLEAN CaptureIfKernel,
                                   OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
                                   OUT PBOOLEAN Present);

/*
 * Releases data obtained from SepCaptureSecurityQualityOfService(). The
 * pointer may be absent. AccessMode and CaptureIfKernel should match the
 * values given to the capture call, otherwise the release side cannot know
 * whether a copy was made (NOTE(review): inferred from the signature).
 */
VOID
SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL,
                                   IN KPROCESSOR_MODE AccessMode,
                                   IN BOOLEAN CaptureIfKernel);
159
/*
 * Captures InputSid and returns the result through CapturedSid.
 * Returns an NTSTATUS.
 *
 * NOTE(review): presumably, for a user-mode AccessMode the SID is probed
 * and copied into PoolType memory, and CaptureIfKernel forces a copy for
 * kernel-mode callers as well - confirm. A SID carries its own
 * sub-authority count, so the implementation should validate that count
 * and compute the length from the captured copy, not from the caller's
 * buffer a second time.
 */
NTSTATUS
SepCaptureSid(IN PSID InputSid,
              IN KPROCESSOR_MODE AccessMode,
              IN POOL_TYPE PoolType,
              IN BOOLEAN CaptureIfKernel,
              OUT PSID *CapturedSid);

/*
 * Releases a SID obtained from SepCaptureSid(). AccessMode and
 * CaptureIfKernel should match the values given to the capture call
 * (NOTE(review): inferred from the signature).
 */
VOID
SepReleaseSid(IN PSID CapturedSid,
              IN KPROCESSOR_MODE AccessMode,
              IN BOOLEAN CaptureIfKernel);
171
/*
 * Captures InputAcl and returns the result through CapturedAcl.
 * Returns an NTSTATUS.
 *
 * NOTE(review): presumably, for a user-mode AccessMode the ACL is probed
 * and copied into PoolType memory, and CaptureIfKernel forces a copy for
 * kernel-mode callers as well - confirm. An ACL carries its own size field,
 * so the implementation should read that size once, bound it, and validate
 * the entries in the captured copy.
 */
NTSTATUS
SepCaptureAcl(IN PACL InputAcl,
              IN KPROCESSOR_MODE AccessMode,
              IN POOL_TYPE PoolType,
              IN BOOLEAN CaptureIfKernel,
              OUT PACL *CapturedAcl);

/*
 * Releases an ACL obtained from SepCaptureAcl(). AccessMode and
 * CaptureIfKernel should match the values given to the capture call
 * (NOTE(review): inferred from the signature).
 */
VOID
SepReleaseAcl(IN PACL CapturedAcl,
              IN KPROCESSOR_MODE AccessMode,
              IN BOOLEAN CaptureIfKernel);
183
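/*
 * Acquires the lock of a token for exclusive access.
 *
 * The critical region is entered before the resource is acquired, and
 * TRUE is passed as the second argument of ExAcquireResourceExclusive()
 * (the wait flag). The return value of the acquire call is discarded.
 * Pair every use with SepReleaseTokenLock() on all paths, including error
 * paths; a token left locked blocks every later access to it.
 *
 * Token is cast to PTOKEN, so the macro accepts any pointer without a
 * compiler diagnostic; pass only token pointers. The argument is evaluated
 * once.
 *
 * The body is a complete do { ... } while(0) statement so that the macro
 * behaves as a single statement inside if/else. The original text lacked
 * the closing brace and could not be expanded at all.
 */
#define SepAcquireTokenLockExclusive(Token)                           \
  do {                                                                \
    KeEnterCriticalRegion();                                          \
    ExAcquireResourceExclusive(((PTOKEN)(Token))->TokenLock, TRUE);   \
  } while(0)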
189
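/*
 * Acquires the lock of a token for shared access.
 *
 * The critical region is entered before the resource is acquired, and
 * TRUE is passed as the second argument of ExAcquireResourceShared()
 * (the wait flag). The return value of the acquire call is discarded.
 * Pair every use with SepReleaseTokenLock() on all paths. Code that holds
 * the lock shared must not modify the token.
 *
 * Token is cast to PTOKEN, so the macro accepts any pointer without a
 * compiler diagnostic; pass only token pointers. The argument is evaluated
 * once.
 *
 * The body is a complete do { ... } while(0) statement so that the macro
 * behaves as a single statement inside if/else. The original text lacked
 * the closing brace and could not be expanded at all.
 */
#define SepAcquireTokenLockShared(Token)                              \
  do {                                                                \
    KeEnterCriticalRegion();                                          \
    ExAcquireResourceShared(((PTOKEN)(Token))->TokenLock, TRUE);      \
  } while(0)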
195
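/*
 * Releases a token lock taken with SepAcquireTokenLockExclusive() or
 * SepAcquireTokenLockShared().
 *
 * The steps mirror the acquire macros in reverse: the resource is released
 * first, then the critical region is left. Call it exactly once per
 * acquire, from the same thread.
 *
 * Token is cast to PTOKEN, so the macro accepts any pointer without a
 * compiler diagnostic; pass only token pointers. The argument is evaluated
 * once.
 *
 * The body is a complete do { ... } while(0) statement so that the macro
 * behaves as a single statement inside if/else. The original text lacked
 * the closing brace and could not be expanded at all.
 */
#define SepReleaseTokenLock(Token)                                    \
  do {                                                                \
    ExReleaseResource(((PTOKEN)(Token))->TokenLock);                  \
    KeLeaveCriticalRegion();                                          \
  } while(0)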
201
#endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */

/* EOF */